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AMENDMENTS TO THE CLAIMS 

The following listing of claims will replace all prior versions and listings of claims 
in the application. 

1 . (Currently Amended) A method for distributing encryption keys in a Wireless 
Local Area Network (WLAN), comprising: 

receiving, by an authentication device, an authentication request containing 
identification information for identity authentication from a mobile host; 

authenticating said mobile host according to said identification information; 

if authentication fails, sending a message comprising ACCESS_REJECT 
information to said mobile host, and 

if authentication succeeds[[,]]: 

sending key-related information M1 to an access point (AP) and a 

mossago comprising ACCESS_ACCEPT i nformation to said mobi l e host , 

wherein the key-related information M1 includes property information associated 

with the mobile host[[,]]; and sa i d k e y - related informat i on M1 is usod to gonorato 

a key by sa i d AP; 

generating, by said AP, a key based on said key-related information M1 
using a key generation algorithm; and 

sending a message comprising ACCESS ACCEPT information to said 
mobile host, wherein: 

wh e r ei n if the message comprising the ACCESS ACCEPT 

information comprises key-related information M2 including said key 
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generated by said AP i s compr i sed in said mossago compr i s i ng th e 
ACCESS_ACCEPT information , said mossago comprising the 
ACCESS ACCEPT information said key-related information M2 is 
encrypted bv the AP and is sent to said mobile host along with said 
ACCESS ACCEPT information; and i s oncryptod. and sa i d mossago 
compr i s i ng the ACCESS_ACCEPT information i s us o d to obtain th e key 
by th e mob ile host 

if the message comprising the ACCESS ACCEPT information does 
not comprise the key-related information M2, the mobile host generates 
the key upon receipt of said message comprising the ACCESS ACCEPT 
information . 

2. (Currently Amended) The method for d i stributing encrypt i on koys i n tho WLAN 
of claim 1 A further compr i s i ng: 

g e n e rat i ng th e key, by said AP, accord i ng to said property i nformation assoc i ated 
w i th th e mob il e host with a koy gonoration a l gor i thm; and 

generating tho koy t by said mobile host wherein the mobile host generates the 
key according to property information stored in the mobile host with the same key 
generation algorithm after said mobile host receives said message comprising the 
ACCESS_ACCEPT information. 

3. (Currently Amended) The method for d i stribut i ng encrypt i on koys i n tho WLAN 
of claim 1 A furthor compr i sing: 

gon o rat i ng tho key, by sa i d AP, w i th a koy gon e ration a l gorithm; wher e in sa i d 
k e y re l ated i nformation M2 i ncludes said koy genoratod and oncryptod by said AP and 
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is sont to ca i d mobi l o hoct a l ong w i th sa i d ACCESS_ACCEFT message wherein said 
mobile host obtaining obtains the key through decrypting the key-related information M2 
w i th said proporty informat i on . 

4. (Cancelled) 

5. (Cancelled) 

6. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 1 wherein when receiving data packets encrypted with a key sent from 
the mobile host, said AP updates the key through the following steps of: 

(a1) said AP generating a random number and generating a new key from said 
random number with any key generation algorithm; 

(b1) said AP adding said random number to a key update message and then 
sending said message to said mobile host; 

(c1) when receiving said key update message, said mobile host generating a 
new key from said random number contained in said key update message with the 
same key generation algorithm as that in step (a1); 

(d1 ) said mobile host encrypting the data packets to be sent to said AP with said 
new key and then sending the encrypted data packets to said AP, during the encryption 
process, said mobile host adding an encryption identifier to said data packets and 
changing the value of said encryption identifier to indicate the communication key has 
been changed; and 

(e1) when receiving the data packets from said mobile host, said AP determines 
whether to change the key according to value of said encryption identifier. 
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7. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 1 wherein in order to achieve encryption communication with the new 
key, when receiving the data packets encrypted with the key sent from said mobile host, 
said AP updates the key periodically or aperiodically through the following steps of: 

(a2) said AP generating a new key in any way and encrypting said new key with 
the present key; 

(b2) said AP adding the encrypted key to the key update message and then 
sending said message to said mobile host; 

(c2) when receiving said key update message, said mobile host decrypting the 
new key contained in said key update message with the present key so as to obtain 
said new key; 

(d2) said mobile host encrypting the data packets to be sent to said AP with said 
new key and then sending the encrypted data packets to said AP, during the encryption 
process, said mobile host adding an encryption identifier to said data packets and 
changing the value of said encryption identifier to indicate the communication key has 
been changed; and 

(e2) when receiving the data packets from said mobile host, said AP determines 
whether to change the key according to value of said encryption identifier. 

8. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 1 wherein when receiving the data packets encrypted with the key sent 
from said mobile host, said AP updates the key periodically or aperiodically through the 
following steps of: 
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(a3) said authentication device generating a random number which is used to 
generate a new key with the key generation algorithm, and then said authentication 
device sending said new key to said AP, and sending said random number to said 
mobile host via said AP; 

(b3) said AP sending said key update message to said mobile host after 
receiving said new key; 

(c3) when receiving said random number from said authentication device and 
said key update message from AP, said mobile host generating a new key from said 
random number with the same key generation algorithm as that in step (a3); 

(d3) said mobile host encrypting the data packets to be sent to said AP with said 
new key and then sending the encrypted data packets to said AP, during the encryption 
process, said mobile host adding an encryption identifier to said data packets and 
changing the value of said encryption identifier to indicate the communication key has 
been changed; and 

(e3) when receiving the data packets from said mobile host, said AP determines 
whether to change the key according to value of said encryption identifier. 

9. (Currently Amended) The method for distributing encryption keys in the WLAN 
of claim 1 wherein in order to achieve encryption communication with the new key, 
when receiving the data packets encrypted with the key sent from said mobile host, said 
AP updates the key periodically or aperiodically through the following steps of: 

(a4) said [[AP]] authentication device generating a new key in any way and 
encrypting said new key with the present key, then sending said new key to said AP, 
whereas sending the encrypted new key to said mobile host via said AP; 
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(b4) after receiving said new key, said AP sending a key update message to said 
mobile host; 

(c4) when receiving the encrypted key from said authentication device and said 
key update message from said AP, said mobile host decrypting the encrypted key with 
the present key to obtain a new key; 

(d4) said mobile host encrypting the data packets to be sent to said AP with said 
new key and then sending the encrypted data packets to said AP, during the encryption 
process, said mobile host adding an encryption identifier to said data packets and 
changing the value of said encryption identifier to indicate the communication key has 
been changed; and 

(e4) when receiving the data packets from said mobile host, said AP determines 
whether to change the key according to value of said encryption identifier. 

10. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 1 wherein said authentication device is an authentication server installed 
in external network. 

1 1 . (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 6 wherein said authentication device is an authentication server installed 
in external network. 

12. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 7 wherein said authentication device is an authentication server installed 
in external network. 
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13. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 8 wherein said authentication device is an authentication server installed 
in external network. 

14. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 9 wherein said authentication device is an authentication server installed 
in external network. 

1 5. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 1 wherein said authentication device is a wireless gateway that connects 
said AP with external network. 

16. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 6 wherein said authentication device is a wireless gateway that connects 
said AP with external network. 

17. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 7 wherein said authentication device is a wireless gateway that connects 
said AP with external network. 

18. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 8 wherein said authentication device is a wireless gateway that connects 
said AP with external network. 

19. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 9 wherein said authentication device is a wireless gateway that connects 
said AP with external network. 
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20. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 1 wherein said authentication device includes a wireless gateway and 
said authentication server installed in external network. 

21. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 6 wherein said authentication device includes a wireless gateway and 
said authentication server installed in external network. 

22. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 7 wherein said authentication device includes a wireless gateway and 
said authentication server installed in external network. 

23. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 8 wherein said authentication device includes a wireless gateway and 
said authentication server installed in external network. 

24. (Previously Presented) The method for distributing encryption keys in the 
WLAN of claim 9 wherein said authentication device includes a wireless gateway and 
said authentication server installed in external network. 

25. (Currently Amended) An authentication device configured to . compr i oina : 

a rece i v i ng modu l o conf i gured to receive an authentication request from a mobile 
host, said authentication request comprising identification information for identity 
authentication; 

an authonticat i on modu lo conf i gur e d to authenticate said mobile host according 
to said identification information; 

a oond i ng modu l o configured to send an message comprising 
ACCESS_REJECT information to said mobile host if authentication fails, and 
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if authentication succeeds: 

send key-related information M1 to an access point (AP), wherein the key- 

related information M1 includes property information associated with the mobile 

host, for said AP to generate a key according to said key-related information M1 

using a key generation algorithm: and 

send a message comprising ACCESS_ACCEPT information to said 

mobile hos t, wherein: 

if the message comprising the ACCESS ACCEPT information 
comprises key-related information M2 including said key generated by 
said AP, said key-related information M2 is encrypted by the AP and is 
sent to said mobile host along with said ACCESS ACCEPT information: 
and 

if the message comprising the ACCESS ACCEPT information does 
not comprise the kev-related information M2, the mobile host generates 
the key upon receipt of said message comprising the ACCESS ACCEPT 
information. 

for sa i d mobile host to obta i n the key accord i ng to sa i d mossago compric i ng tho 
ACCESS_ACCEPT i nformation, i f authont i cation succeeds, where i n the koy rolatod 
i nformation M1 i ncludes proporty i nformation assoc i at e d w i th tho mobi l o host, 

26. (Currently Amended) A system, comprising: 

a mobile host, an authentication device, and an access point (AP); wherein: 
said authentication device is configured to: 
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receive an authentication request from said mobile host, said 
authentication request comprising identification information for identity 
authentication;^ 

authenticate said mobile host according to said identification 
information^,]]; 

to send an ACCESS_REJECT message to said mobile host if 
authentication fails[[,]]; te and 

if authentication succeeds: 

send key-related information M1 to the access point (AP) and to 
s e nd a messag e comprising ACCESS_ACCEPT i nformation to said 
mobi le host if auth e ntication succ ee ds , wherein the key-related 
information M1 includes property information associated with the mobile 
host; and 

send a message comprising ACCESS ACCEPT information to said 
mobile host. 

said AP is configured to receive said key-related information M1 and generate a 
key according to said kev-related information M1: and 
said mobile host is configured to: 

send [[an]] the authentication request containing identification information 
for identity authentication, and 

if the message comprising the ACCESS ACCEPT information comprises 
encrypted kev-related information M2 including said key generated bv said AP. 
obtain the key through decrypting the kev-related information M2: and 
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to if the message comprising the ACCESS ACCEPT information does not 
comprise the kev-related information M2. generate a key according to said message 
comprising ACCESS_ACCEPT information! 

sa i d AP i s configured to rocoivo said koy ro l at o d informat i on M1 and obta i n tho 
key accord i ng to said koy ro l atod i nformation M1 . 
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